Configuring your firewall user guide 110 – WiLife V2.1 User Manual
Troubleshooting Note: XMPP also happens to be used in some Instant Messaging (IM) software such as
Google Talk. If a firewall is trying to block all IM communication, it will likely also block remote viewing and
control.
WiLife Networking Protocols

| Description | Ports Required | Network |
|---|---|---|
| UPnP Discovery | UDP: port 1900 | Camera |
| UPnP Control | TCP: ports 50000-65000 | Camera |
| Video Streaming | TCP: port 22211 | Camera |
| Camera Control | TCP/UDP: ports 5800-5821 | Camera |
| DHCP | UDP: port 67 inbound, port 68 outbound | Camera |
| WiLife Online | TCP: ports 80, 443, 5222 (outbound) | Internet |
| Relay Remote Viewing | TCP: port 80 (outbound) | Internet |
| Direct Remote Viewing | TCP: ports 20570-20575 (inbound) (or other custom direct mode port) | Internet |
| Email Notifications | TCP: port 25 (outbound) (or other custom SMTP port such as 465 for GMAIL) | Internet |

The Command Center’s ability to communicate with the Internet also affects the connection with remote
viewing, in either direct mode or relay mode. With relay mode, the video is sent to WiLife servers, from which
the remote client receives the video. With direct mode, your computer acts as a server that delivers live or
recorded video directly to the remote client.
Direct mode gives you the best remote viewing experience. However, a computer on the Internet must be able
to directly connect with the computer running Command Center. If a UPnP-enabled router is detected, WiLife
Command Center will attempt to use UPnP NAT to automatically map a port (between 20570 and 20575) from
the router to your computer for direct remote viewing. If you do not have a UPnP-enabled router (or have UPnP
control disabled for the router), you can still use direct remote viewing, but only if you manually configure your
router.
If there are multiple routers, hardware firewalls and software firewalls in between the PC running WiLife
Command Center and the Internet, then they all must be configured to allow the traffic needed for direct
remote viewing. If your setup doesn't allow direct remote viewing, you will still be able to use relay remote
viewing.
When viewing video remotely, your system at the remote location might also need to be configured to allow the
remote video stream, especially if there is a hardware or software firewall in between the remote client and the
Internet.
The remote client has no inbound traffic requirements, but it does have some outbound traffic requirements
(most firewalls don't block outbound traffic). In addition, streaming video may be blocked in some business
settings, so check with your network administrator.
Remote Viewing Web Client to Internet

| Description | Ports Required | Network |
|---|---|---|
| Relay Mode Remote Viewing | TCP: 80, 443, 554, 1755 (outbound) | Internet |
| Direct Mode Remote Viewing | TCP: 80, 443, 20570-20575 (outbound) (or other custom direct mode port) | Internet |

By design, firewalls and Internet filters attempt to control communications on both the internal camera network
and your Internet connection. This is not a problem if you configure them correctly. Remember, it is common to
have more than one software firewall installed on a PC. A router also acts as a hardware firewall in between
the PC and the Internet.
Note that the outbound requirements to the Internet mean that every software firewall, hardware firewall and
router on the way from the PC to the Internet has to allow the traffic.
Outbound traffic to the Internet, in general, is usually not blocked, especially for home users. (In fact, most
consumer routers don't let you configure outbound firewall rules other than filtering out specified IP addresses
or ports.) However, in a corporate or business environment, it is possible that outbound traffic is blocked
except for specified ports.
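
The following added example (not part of the WiLife manual) checks a firewall policy against the Internet rows of the WiLife Networking Protocols table and reports which Command Center functions it would block, and whether remote viewing ends up in direct or relay mode. The rule format, the function names and the two sample policies are constructed for illustration; the home policy assumes a router with no port mapped for direct mode.

```python
# Port requirements transcribed from the Internet rows of the manual's
# "WiLife Networking Protocols" table: (service, direction, protocol, ports).
DIRECT_PORTS = list(range(20570, 20576))
REQUIRED = [
    ("WiLife Online", "out", "tcp", [80, 443, 5222]),  # 5222 is XMPP
    ("Relay Remote Viewing", "out", "tcp", [80]),
    ("Direct Remote Viewing", "in", "tcp", DIRECT_PORTS),
    ("Email Notifications", "out", "tcp", [25]),
]

def allowed(policy, direction, proto, port):
    """First matching rule wins; otherwise the per-direction default applies."""
    for rule in policy["rules"]:
        lo, hi = rule["ports"]
        if (rule["dir"], rule["proto"]) == (direction, proto) and lo <= port <= hi:
            return rule["action"] == "allow"
    return policy["default"][direction] == "allow"

def audit(policy):
    """Return {service: [blocked ports]} for each service the policy breaks."""
    report = {}
    for service, direction, proto, ports in REQUIRED:
        blocked = [p for p in ports if not allowed(policy, direction, proto, p)]
        if blocked:
            report[service] = blocked
    return report

def remote_viewing_mode(policy):
    """Direct mode needs one reachable inbound port; relay needs TCP 80 out."""
    if any(allowed(policy, "in", "tcp", p) for p in DIRECT_PORTS):
        return "direct"
    return "relay" if allowed(policy, "out", "tcp", 80) else "none"

# Constructed policies (assumptions for illustration, not from the manual).
HOME = {"default": {"in": "deny", "out": "allow"}, "rules": []}
OFFICE = {
    "default": {"in": "deny", "out": "deny"},
    "rules": [
        {"dir": "out", "proto": "tcp", "ports": (5222, 5223), "action": "deny"},  # IM block
        {"dir": "out", "proto": "tcp", "ports": (80, 80), "action": "allow"},
        {"dir": "out", "proto": "tcp", "ports": (443, 443), "action": "allow"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("home", HOME), ("office", OFFICE)):
        print(name, "remote viewing:", remote_viewing_mode(policy))
        for service, ports in audit(policy).items():
            print(f"  {service}: blocked on TCP {ports}")
```

In the office policy the IM block on port 5222 is what breaks WiLife Online, which is the situation the troubleshooting note about XMPP describes.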